Skip to main content
Sync With LDAP/MSAD
Barracuda Admin avatar
Written by Barracuda Admin
Updated over 10 months ago

To sync with LDAP/MSAD you need to configure some parameters according to the vendor you're using. Currently only MSAD is supported, but you can use other configurations using a custom profile. See also How to Install the CloudGen Access User Directory Connector.

MSAD

Example configuration parameters (config.json file) for an MSAD installation:

{
  enrollment_token="https://enterprise.fyde......", 
  ldap_host="192.168.1.169", 
  ldap_profile="ad", 
  ldap_user_search_base="ou=Users,ou=MyOrg,dc=myorg,dc=com", 
  ldap_group_search_base="ou=Groups,ou=MyOrg,dc=myorg,dc=com", 
  ldap_auth_method="simple", 
  ldap_auth_username="User Name", 
  ldap_auth_password="password"
}

Configuration Parameters

The LDAP-specific parameters are listed in the tables below. See also General parameters. Note that you only need prefix the key with "FYDE_"... and capitalize the rest if you are using an environment variable, but not with a configuration file or a Vx.

Basic Connection And Auth

Key

Default Value

Type

Description

ldap_host

string

LDAP server hostname/IP to connect to

ldap_port

389 or 636 (TLS)

string

LDAP server port to connect to

ldap_auth_method

string

Authentication methods:

  • anon Anonymous

  • simple User/password

  • sasl_external

  • sasl_kerberos

  • ntlm

ldap_auth_username

string

Username for simple auth method

ldap_auth_password

string

Password for simple auth method

ldap_auth_sasl_credentials

string

SASL credentials for SASL auth method

ldap_use_starttls

true

bool

Use StartTLS for LDAP

ldap_use_tls

false

bool

Connect to LDAP using TLS

ldap_sni

false

string

Use SNI hostname when using TLS

ldap_privkey

string

Specify private key for TLS auth

ldap_privkey_password

string

Specify private key password for TLS auth

ldap_pubkey

string

Specify public key for TLS auth

ldap_cacerts

string

Specify CA trusted certs

ldap_check_certs

true

bool

Check if server certs are trusted or not

ldap_check_hostname

true

bool

Check hostname on the certificate

ldap_cert_additional_names

string

Specify additional valid hostnames

More Advanced Options

Key

Default Value

Type

Description

ldap_debug_detail_level

error

string

LDAP level debugging levels:

Options:

  • off

  • error

  • basic

  • protocol

  • network

  • extended

ldap_profile

ad

string

Enables vendor specific configurations. Options:

  • ad

  • custom

ldap_connect_timeout

10

string

Connection timeout for the LDAP server (in seconds)

ldap_receive_timeout

60

string

Receive timeout

ldap_ignore_malformed_schema

false

bool

Ignore errors caused by malformed schemas

ldap_user_search_base

string

Search query to find user objects

ldap_user_class_filter

string

Search base to find user objects

ldap_user_search_scope

subtree

string

Scope to find user objects. Options:

  • subtree

  • singlelevel

ldap_user_uuid

string

Specify user UUID attribute

ldap_user_name

string

Attribute to get user name from

ldap_user_phone

string

Attribute to get user phone from

ldap_user_email

string

Attribute to get user email from

ldap_user_disabled_filter

string

Attribute to get user disabled state from

ldap_user_modified

string

Attribute to check user for last modification

ldap_user_deleted_filter

string

Search query to find deleted users

ldap_user_deleted_controls

string

Control OID for user deleted

ldap_group_search_base

string

Search query to find group objects

ldap_group_class_filter

string

Search base to find group objects

ldap_group_search_scope

subtree

string

Scope to find group objects. Options:

  • subtree

  • singlelevel

ldap_group_uuid

string

Specify group UUID attribute

ldap_group_name

string

Attribute to get group name from

ldap_group_modified

string

Attribute to check group for last modification

ldap_group_deleted_filter

string

Search query to find deleted groups

ldap_group_deleted_controls

string

Control OID for group deleted

ldap_membership_object

group

string

Scope to find group objects. Options:

  • user

  • group

ldap_membership_attribute

string

LDA membership attribute

Did this answer your question?